Oracle

Communications Performance Intelligence Center

15 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2021-45105

Warning
  • EPSS 65.66%
  • Published 18.12.2021 12:15:07
  • Last modified 21.11.2024 06:31:58

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service wh...

7.8

CVE-2021-3156

Warning Exploit
  • EPSS 92.26%
  • Published 26.01.2021 21:15:12
  • Last modified 03.04.2025 19:47:48

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

7.5

CVE-2020-12723

  • EPSS 0.18%
  • Published 05.06.2020 15:15:10
  • Last modified 21.11.2024 05:00:08

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

8.2

CVE-2020-10543

  • EPSS 3.94%
  • Published 05.06.2020 14:15:10
  • Last modified 21.11.2024 04:55:32

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

8.6

CVE-2020-10878

  • EPSS 0.11%
  • Published 05.06.2020 14:15:10
  • Last modified 21.11.2024 04:56:16

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

10

CVE-2020-10188

  • EPSS 6.95%
  • Published 06.03.2020 15:15:14
  • Last modified 21.11.2024 04:54:55

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

7.5

CVE-2019-10086

  • EPSS 0.26%
  • Published 20.08.2019 21:15:12
  • Last modified 21.11.2024 04:18:22

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa...

5.9

CVE-2019-1559

  • EPSS 5.05%
  • Published 27.02.2019 23:29:00
  • Last modified 21.11.2024 04:36:48

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid...

5.9

CVE-2018-11039

  • EPSS 2.92%
  • Published 25.06.2018 15:29:00
  • Last modified 21.11.2024 03:42:32

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring ...

6.5

CVE-2018-1257

  • EPSS 1.79%
  • Published 11.05.2018 20:29:00
  • Last modified 21.11.2024 03:59:28

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A ...